WHEN THE Stuxnet cyber attack temporarily took down the Iranian nuclear facility at Natanz in 2010, it made few waves in India. However, shocking details have now emerged that barely a few months after the computer worm created problems in Iran, critical infrastructure in India too was infected by the tactical cyber weapon developed in Israeli laboratories.

In June 2010, ONGC oil rigs using SCADA (Supervisory Control and Data Acquisition) industrial systems were found to be infected by the same worm. The oil major, whose control systems are run by ABB, didn’t face an immediate threat because the worm was programmed to target Siemens systems. However, with 247 onshore production facilities, 11 offshore processing complexes, 74 drilling rigs and 7,000 wells, all run by a centralised control system, an attack could have taken out India’s entire oil production for days, if not weeks.

Just a few weeks after that shocking discovery, Indian investigators also stumbled upon massive infections in a mega power project in Gujarat using SCADA systems controlling the generation and transmission network in western India. Investigators pieced together the evidence and launched a probe into other vulnerable systems that revealed facts that were too sensitive and complex to be made public. They discovered that the same attack was perfectly capable of knocking off signal and control systems on Delhi Metro’s crucial links, throwing the capital’s most used public transport system into chaos.

Earlier, cyber security investigative researcher Jeffrey Karr had shocked ISRO when he proved that India’s INSAT 4B satellite was taken down by Stuxnet to serve Chinese business interests. On 7 July 2010, INSAT 4B’s power glitch forced India’s leading DTH providers such as Sun Direct, Doordarshan and Tata Teleservices to shift to ASIASAT-5, a satellite owned by the Chinese government. INSAT 4B was using the same Siemens software that was responsible for activating Stuxnet to make the Iranian nuclear facility go haywire.

Despite the fact that cyber security is being breached every day, there seems to be little urgency in devising a National Cyber Security Policy that could provide not just a security blanket against future attacks but also a framework for offensive capabilities that enables India to retaliate and launch attacks against enemy nations.
.
.
.
After the Stuxnet attack, NTRO hackers actively used ‘sink holing’ to trace massive infections in India. But NTRO bigwigs prematurely declared the detection as complete despite being warned by the professionals that some critical controls and commands that had been infected with Stuxnet had not been completely neutralised. “That poses a grave danger to critical infrastructure in the near future. NTRO officials did no in-depth checks on Stuxnet, which means the worm is still dormant in many important systems in the country,” says ethical hacker Ginish Venkataraman.

There had been reports that Prime Minister Manmohan Singh had approved the formation of a National Cyber Command on the lines of the USCYBERCOM. But that too has not yet seen the light of day even though the gravity of attacks this year has seen an increase in intensity and frequency. Moreover, even the draft Cyber Security Policy has been dismissed as being too focussed on doing a clean-up job rather than preparing India to gain a decisive edge in the emerging field of cyber warfare.

The entire thrust of the draft is on “rapid identification, information exchange, and remediation” to thwart destabilising and malicious cyber attacks while ignoring the need to build up a credible deterrent that prevents enemies from tinkering with India’s national security.

“It is like the race for nuclear warheads. Those who started early had the advantage of dictating the rules of nuclear warfare and early starters like US and Russia still hold the world’s biggest nuclear arsenals,” says Sreeram Chaulia, dean of Jindal School of International Affairs. “In the age of cyber warfare, those nations who start developing attack capabilities early will be in a position to prevent others from making much headway in cyber warfare. The time has come to have a cyber war doctrine with a specialised cadre that is capable of making sense of the information gathered from the servers of other nations and outfits. We need to have a two-tier structure — a group of hackers who are the foot soldiers reporting to tech-savvy bureaucrats who can think beyond a territorial mindset and know how to make sense of the intelligence provided.”

The armed forces too have their own Cyber Emergency Response Teams (CERTs) but the presence of the Defence Intelligence Agency again raises the question of where the buck stops and just who is responsible for collecting and acting on virtual data. The CERTs have been unable to thwart some mind-boggling attacks on its infrastructure, according to a Canadian investigation into defence hacking titled Shadows in the Cloud.

Documents pertaining to the deployment of the 21 Artillery Brigade in Assam were exfiltrated by hackers backed by the Chinese government along with sensitive documents detailing aircraft deployment at the Indian Air Force base in Vadodara apart from sensitive details from the Air Force Station in New Delhi.

But the real shocker came when the army realised that important documents relating to Project Shakti were stolen. Project Shakti is a $300 million effort by the army to link all its artillery guns to a central command — exactly the kind of centralised operating playground that was exploited by the powers behind Stuxnet. Security experts say that details of the network would enable enemies to devise a worm or virus that would circumvent security and be used to induce malfunctions in the artillery system. Moreover, details about the Pechora missile system were stolen, apart from files relating to India’s observations on the Iron Dome missile shield, which it is planning to buy from Israel.
.
.
.
Given the imminent threat, there is an urgent need to establish an agency for cyber warfare that deals not just with security but can also retaliate and initiate attacks on others. India has established itself as an IT superpower whose software firms have been instrumental in helping global corporations cut costs using cheap and skilled labour.

Tragically, India finds itself unable to get enough talented people to fill the void in its intelligence and offensive set-up in cyberspace. The failure to leverage this headstart to secure our strategic interests might only prove costly in an age where State-sponsored cyber attacks can achieve mass destruction without directly taking lives.

What to do, boss? Indian policy makers are yet to view the danger posed by cyber threats. Note that when our national security advisors are themselves old fossils, how can they be aware of such changes and accordingly counsel our remote-controlled PM?

It's a collective failure of Defence, Investigative and political stakeholders.

But the real shocker came when the army realised that important documents relating to Project Shakti were stolen. Project Shakti is a $300 million effort by the army to link all its artillery guns to a central command — exactly the kind of centralised operating playground that was exploited by the powers behind Stuxnet. Security experts say that details of the network would enable enemies to devise a worm or virus that would circumvent security and be used to induce malfunctions in the artillery system. Moreover, details about the Pechora missile system were stolen, apart from files relating to India’s observations on the Iron Dome missile shield, which it is planning to buy from Israel.


Imagine millions worth of defense acquisition rendered useless by computer viruses. It's a big gaping hole in the armory we have.

There is enough talent in India to thwart attacks and make rock solid defenses for all sensitive and susceptible networks. But the problem is, the goddamn babus and government machinery take years to make even small moves.

Now what these buggers will do is, they will open a new government department and recruit a few kids. They will pay salaries like 20,000 per month. And only the bottom rung will apply and get jobs here. All the bright ones will go to the IBMs and HPs and Oracles and Microsofts and Infosys and TCS, etc. The government department will be starved of funds, and will be a giant failure, and attacks will continue to increase on our networks.

The problem faced in cyber warfare is that an attacker can attack his targets piecemeal. The defender's problem is that each government entity is responsible for its own cyber safety; here lies the flaw. The security depends on the technological understanding of the person heading the entity.

India is facing cyber attacks from China on a daily basis and information is leaking out in a big way. This is a real shame when we are an acclaimed IT giant.

The National Technology Research Organisation (NTRO) should be reactivated and should be divided into a defensive team and an assault team. If we have to launch a cyber attack today, we have zero capability in place.

All departments that come under the Official Secrets Act should be advised by NTRO experts, with regular security audits and penalties in place for negligence.

For this particular situation the PMO should consider employing young blood, Comp. whiz kids, nationalist hackers etc. for the national cyber command and weed out old good for nothing babus who cannot even type their own emails. Just imagine if a babu who does not know shyt about internet is heading the Cyber Command....only in India such dastardly acts can happen and they keep on happening! When will these power hungry people learn to lay off when they are not capable of handling certain issues, but guess what they take the job for money and power involved, and hire consultants / outsiders to their job and then for obvious reasons inefficiency and ineptitude creeps in!

That is not a problem once a system has been devised. We need to make a start. Track the source of attacks map the threats and start counter-attacks against those sources.


The CIA and Sony servers were supposedly hacked by a 19 year old kid and a group called LulSec. It is a rag tag bunch of people who hack only to expose security. You could call it a non profit organization.

Real hacking for profit can get really dangerous. CCIE trainers and experts get paid secretly by corporations just so they don't hack into their servers. Telecom companies like Vodafone, Airtel and even small networking companies pay 10000-20000 every month. Some get paid in Lakhs per month depending on their "capabilities."

There is only one fool proof way of securing against hacking from other countries. Cut the hardline when under attack, but we need to devise a way to detect an intrusion.

Counter attacks can be done by setting up groups of your own which can attack and assure a MAD scenario. Fact is you can set up a hacking group of our own and do the same thing as the Chinese are doing, even better if you are given Govt funding and legal protection as is the case of some Chinese groups. Every country has computer experts and ours is no different. We have plenty of such groups.
Only drawback is Internet in India is extremely slow and expensive.

The CIA and Sony servers were supposedly hacked by a 19 year old kid and a group called LulSec. It is a rag tag bunch of people who hack only to expose security. You could call it a non profit organization.

Real hacking for profit can get really dangerous. CCIE trainers and experts get paid secretly by corporations just so they don't hack into their servers. Telecom companies like Vodafone, Airtel and even small networking companies pay 10000-20000 every month. Some get paid in Lakhs per month depending on their "capabilities."


Oh boy, I didn't know that.

There is only one fool proof way of securing against hacking from other countries. Cut the hardline when under attack, but we need to devise a way to detect an intrusion.


Well, you have brought out the above point. I'm sure guys like you with the required know how can devise some processes.


I have just started CCIE training, that's 2 years to understand networks. Then I will need to undergo hacking training, that's another 3 years with experience, tops, just so I can hack something big credibly. My brother's already a step ahead of me in this department. Who knows? Perhaps we may start a revolution. But as of today we are nothing in this department. We won't be doing anything without GOI support though.

A person in India cannot do anything like this unless GoI supports it. Such hackers simply have to call themselves ethical hackers and rely on brains in order not to get caught. They may have to move to a country with weak cyber laws if they are to carry out criminal activities like this.

The second website is probably more secure than any of our govt websites.

After India tested nukes in 1998 a bunch of American, British and NZ hackers hacked into BARC. They did not just bring a website down, they were actually in the entire network. They literally walked in. The Hacker group is called milw0rm. They stole thousands of pages of data from BARC's servers and almost everything was classified stuff. They were all teenagers. OH! CIA then stole this information from the kids, physically or electronically we don't know.

Since I do have much knowledge of these cyber attacks. Why GOI does not set up a separate department in one of the Investigative branch of Armed Forces and hire the best available talent who show tendency of nationalism(as has been mentioned by MAOMAO). They should be paid premium salary as well.


Living with parents is a cultural tradition as it is in some of the European countries. It is also making a comeback in North America due to the state of the economy. I foresee this to take hold in our society since most of the seniors prefer to stay at home rather than retirement homes.